username/s5p
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add gitleaks secret scanning to CI pipeline
Some checks failed
ci / secrets (push) Failing after 9s
Details
ci / test (push) Successful in 19s
Details
ci / build (push) Has been skipped
Details

Browse Source 
Runs gitleaks detect with full history before the build job.
Both test and secrets jobs must pass to gate image push.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
user
2026-02-21 17:34:38 +01:00
parent 8a909cd79d
commit 64f3fedb9f
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/CHEATSHEET.md
View File

@@ -37,8 +37,9 @@ Dev override: compose.yaml mounts `./src` (ro) over the baked-in source.
Gitea Actions runs on push to `main`:
1. `ruff check` + `pytest` in `python:3.13-slim`
2. Build + push `harbor.mymx.me/s5p/s5p:latest`
1. `ruff check` + `pytest` (test)
2. `gitleaks detect` (secrets scan)
3. Build + push `harbor.mymx.me/s5p/s5p:latest`
Secrets: `HARBOR_USER` / `HARBOR_PASS` (configured in Gitea repo settings).